• The most common password used by South Africans is “admin” and it takes less than one second for a hacker to crack it.
• This is according to a new study by NordPass, detailing the top most used passwords worldwide.
• South Africans tend to use weaker passwords for their streaming services and more complex passwords for their financial accounts.

The most common passwords in South Africa have been revealed by NordPass, the password security product of the company that sells NordVPN. In 2023, “admin” was the most commonly used password among South Africans, followed by – yup, you guessed it – “123456” as the second most commonly used.

While this may seem like a little joke or a funny confirmation of a stereotype it actually has sinister undertones. NordPass has tested the most common 20 passwords in South Africa and has given the time it requires a hacker to brute force each of them.

This is a popular technique where a hacker runs an algorithm to guess a password by making thousands if not millions of password attempts per second. The more complex a password is, how many different letters, numbers and special characters a password has, as well as different cases (upper and lower) for each character, the more difficult it is to brute force.

The top password “admin” will take a hacker less than one second to brute force. You might as well not be using a password at all. NordPass believes that admin is the top choice because users are simply too lazy to invent their own passwords and just leave the pre-set password of devices.

South Africans also tend to use weaker passwords for streaming accounts and stronger passwords for financial accounts. The problem is that a good enough hacker can access your financial information through your streaming subscription of choice if left unhindered.

The top five most commonly used passwords in South Africa are:

• admin,
• 123456,
• 336699,
• password,
• weiter

Each of these takes less than one second to brute force, with the exception of “weiter” which takes, at most, two minutes to crack, owing to its unusual nature.

NordPass has also found that South Africans, and people around the world, stick to certain behaviours when coming up with passwords. For example, a currently trending password among South Africans is “awesome” which reveals an emotion, and is a simple, easy-to-come-to-mind word.

South Africans also employ passwords inspired by public holidays or events. “October24” is a common password locally, most likely a reference to Heritage Day. This phenomenon is also seen overseas. In the United Arab Emirates, an event called Expo 2020 Dubai also left a lasting impression, with “Dubai@2020” being ranked among the country’s most common passwords.

The company’s study has also found that people who are often online tend to use numbers in their passwords, most likely influenced by the websites they use that have number or case-sensitive requirements.

“Almost a third (31%) of the world’s most beloved passwords this year consist of similar numerical sequences, such as ‘123456789,’ ‘123321,’ and ‘000000’,” the study reads. While having a password be a string of long numbers may seem like a difficult one to breach, they are just as easy, if not more so, than a wordy password.

Another concerning finding from the study is that as many as 70 percent of the most used passwords worldwide can be brute forced in less than a single second.

NordPass believes this is evidence that something has to change in the way that we create and use passwords to protect our information. This may be especially true as threat actors become more sophisticated in their approaches. Nowadays there is even password-stealing malware floating around online.

Once this malware has your passwords and other information, threat actors can use it to steal money from you or launch other, larger attacks. NordPass instead suggests the use of “PassKeys,” of course it would as the company sells them.

But they will definitely work better than having “admin” as your go-to.

“Passkeys are a new form of authentication. The essence of this technology is that the user doesn’t need to come up with a password — everything is done automatically. When joining a website that supports passkeys, the user’s device generates a pair of related keys — public and private. The private key is saved on the device itself and the public key is stored on the website’s server,” NordPass explains in a statement sent to Hypertext.

“Without each other, they are useless. If the user is successfully identified by their biometrics, the passkeys are matched and the user successfully signs in.”

Whether you try out PassKeys, or even try a bit hard to come up with a more unique and complex password, something has to change, South Africa. The time has come and gone when cyberattacks were relegated to the TV screen. They are real and they can cost you, companies, and the government millions.

To check out the full World Password study by NordPass, click here.

[Image – Photo by Sergi Kabrera on Unsplash]